Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment Misleading (Score 2) 106

The most annoying thing about Amazon is when you search for a specific part number, or product SKU, and instead of saying "We don't carry this, here are some alternatives." or "We're out of stock, but these might fit the bill." They just feedyou results, many of which are irrelevant. If your patient enough, you might eventually find what you were looking for only to realize the above. It just shows how much they value your time.

Instead of being upfront, and honest, they figure if they show you enough results, even if they have nothing to do with what you wanted, that some % of time, some % of people will end up buying something else. It's also why their search results never seem to come to an end.

It's burned me a couple of times in the past, when I was rushing, and thouht my search was specific enough, but didn't realize the ignored the "XL" and bought a "S/M" instead, or something like that.

The only bright side, is that if you spend enough time clicking around they're website, you can find the return link (they make it harder to find every time I need it), and usually take back the crap they sent me by mistake. Makes me wonder whether the good will they're losing + the money in returns they're spending, makes it worth that % of people who buy stuff they didn't initially intend.

As for me, I've stopped shopping on Amazon. Fortuntely, I know a few sites that will let me setup keywords and they'll let me know if Amazon has a good deal. But otherwise I've started looking else where for things.

IMO, the much bigger issue is all the crap peddled by fli-by-night vendors, many from China, selling products that don't function as advertised. Like the waterproof earbuds that are IPX76, but stop worked the moment they get wet.

Or the USB cables thta don't work at all (b/c the device+oem charger realize the resitance isn't to spec for the cable, and is crap), or stop working within days. I'm starting to think these products are built last just longer than the 30 day return window, often enough (but not always), to avoid costs/issues/negative feedback. Meanwhile they manipulate the Amazon rating/review system with inentives, so people post postiie reviews within days of getting something, and then never follow up when it fails.It's a serious issue. I've had USB-C cables, charging bricks, and power strips all catch fire. Fortuntely the only one I know of to generate an open flame, I was present for, and extinguished. So usually it's just scorch marks and more e-waste.

Amazon, officially says it isn't responsible for what third parties sell on it's website, even if they handle full fillment. Which is just exploiting the fact that there is no legal statue, or case law to the contrary. And that they suspend/disable vendors they catch cheating/defrauding. But the fact is that only happens when the media points a light on something/someone. They don't actively try to stogle op it because they have no incentive to. On the contrary, they make money off the fraud. And they've made it so easy for foreigners to setup fly-by-night operations by handling the logistics, that when one name/brand is shut down, they simply switch to another one.There is an endless supply discontinued products on Amazon where the reviews eventually tanked, or the vendor got kicked off because enough people with enough influence complained, only to find the EXACT SAME PRODUCT being sold under a different brand. It's annoying. And the sad thing is, if these prdocts are going through Amazon's wharehouses already, it wouldn't be that hard to pull a unit from the first shipment, and verify the claims on the product page, plus a spot check of random unit every 1k-10-100K units sold.

P.S. Google search has gotten pretty bad as of late too. I can enter sha hashes for well known ISOs, and get 0 results. But if I search for "is tv show X being renewed for another season" I'll get 100k pages of useless results, with perhaps 1-2 of them being anything definitive/interesting to say. And Gooogle shopping/images are just as bad. I've had to find workarounds quite as of late. Hopefully this opens the door for another company to take over the search game, the same way Google did with AltaVista, and they did with Yahoo (I know Y! was a searchable directory so not the same). Yes, I've tried DDG/Bing/StarPage and a few more. And they either repackage the same crappy results or can't find the valueable result buried in haystack that I need.

Rant complete. Back to work.

Comment Re:Any loss of functionality? (Score 4, Informative) 14

What *can't* you do with App Bundles vs. APKs? Can they still be sideloaded outside the App Store environment, in particular?

Last I checked, App bundles required using Google's "key escrow" service to sign the downloaded APKs. It makes a little bit of sense, in that since the APKs are generated on demand, and need to be signed, that Google would require this. But it also means the Play store can replace legitimate apps with customized versions, if compelled, by a government. Note, that authors still need to authenticate and sign their uploads. But those signatures are only used to authenticate the uploaded bundle, and not the APKs.

In terms of side loading an APK, the answer is yes and no. Essentially an app bundle is just a collection of APKs, which can be extracted individually, copied to another device and installed. That said, if the devices aren't identical, there is a good chance the source device won't have the right files. In the past APKs were split based on arch (x86, x86_64, armv7, and armv8a, plus a brief experiment with MIPs). So if you copied an APK within that arch category it worked. But now, if you copy the files off a different device, it might not contain everything you need. Screen resolution is probably the biggest separator, but their could be others.

I've migrated apps using ADB and it's a pain with APP bundles, so I've started using a helper app which creates a single apkm file (essentially a zip file) with all the APKs in a single file, and then reverses the process during install, which makes it less painful that manually extracting/installing 4 - 8 separate files.

The bottom line is that app bundles have a lot of benefits, especially for game developers who have lots of graphics files, some of which may not be needed. Since the Play store limits apps to 100 MiB this allows them to fit more into an initial download. (If they need more than 100 MiB they have to use the Google APIs to deliver the additional content on the fly, as it's needed).

For security focused apps, where making sure an app gets distributed without modification, app bundles are potentially evil, and could potentially break the entire Android security/trust model. Personally, I prefer to get those apps from F-droid, if possible. Of course I also have a lot of devices without Google services of any kind on them, which puts me on the extreme end of the spectrum.

Google _could_ have developed a method for developers to still sign their assets, by, for example, signing each asset inside an APK instead of the APK as a whole, but to my knowledge haven't opted to go that route, in favor of requiring key escrow.

Note, I haven't researched this issue in about a year, so if anyone has more recent info, please speak up.

Comment What we need to progress towards a solution. (Score 2) 38

As the CEO of one of the very few companies to challenge these secret orders, I've spent a fair bit of time thinking about this issue, how we can make progress towards a solution.

This problem starts with the end of the Cold War. Without the Soviet Union, the US made dramatic cuts to its military and by extension, intelligence budgets throughout the 1990s. In practical terms, this precipitated a massive shift in focus from HUMINT to the more cost effective SIGINT. The emergence of the Internet, and cell phones made it work. By 2001 the NSA had an arsenal SIGINT tools, and it's reach was pervasive, but its focus was on state actors, and their agents. That all changed, almost overnight, with the September 11th attacks. Almost overnight the same tools were turned against civilians, both foreign and domestic. Part of this shift was allowing law enforcement agencies, most notably the FBI, widespread access to highly classified means and methods. The popularity of smart phones, starting in 2007, and the proliferation of broadband made SIGINT infinitely more valuable.

The point I'm trying to make is that by the time Snowden went public in 2013, law enforcement, and intelligence agencies had already developed a sense of entitlement to everyone, and anyone's personal data. Any attempt to restrict their access, or thwart it through technical means is view as an affront. For the small subset of law enforcement and intelligence analysts that have had unfettered access for so long, invading our private lives has become autonomic, like breathing, and they defend their right to peep with the same veracity. Of equal concern is this reliance on SIGINT has caused their capability to use more traditional methods to atrophy. An FBI agent who spent their entire 20 year career tracking suspects using their cell phone, won't know how, or be inclined to follow that same suspect physically.

So how do we protect our freedom, and thwart missuse without castrating law enforcement? I believe the first step is disclosure. It's my belief that indefinite gag orders are unconstitutional. Furthermore, any statue authorizing such gag orders without a time limit is equally unconstitutional. In the past it has taken my company years, and great expense to get details unsealed, placing a large burden on us to exercise our right to inform the public. In the future I intend to demand the expiration of the gag as a precondition for compliance. In the short term, I believe all tech companies should take the same stance. Note I'm only advocating for the right to inform a user that their data was shared, not the obligation.

It's my opinion that Congress should modify statues, and limit gag orders to an initial 90 days, followed by the government's burden to renew it every 30 days thereafter. Furthermore, the overall period should be limited to a maximum of 1 year. That period may be extended up to 2 years, if an indictment is granted, and arrest warrant issued within the first year, and the suspect remains at large.

Transparency reports tell us how many search warrants, and subpoenas for personal data are issued each year, (note individual warrants and subpoenas often demand the data of multiple people). What transparency reports lack, are statistics on the number of people targeted, or just how many of those data demands result in criminal charges. It's my belief, based simply on the number of criminal prosecutions per year, that fewer than 1% of those targeted will ever face criminal charges. The real number is probably significantly less than 1%. It's an oft overlooked reality, that beyond a few high profile exceptions, only those who face criminal charges ever receive proof they were targeted for surveillance.

I believe, that over the long term, attitudes will shift, when people start to learn all of their personal data, including years worth of text and email messages, private photos, searches and browsing habits were rummaged and reviewed by a government agent because their daughter plays on a soccer. That their privacy was violated based on the tenuous logic that the father of another player on that team, sent money to a relative abroad, that is on a list of people sympathetic to an organization viewed as hostile. Once enough people find out the truth, that their private thoughts have been entrusted to an agent who is likely to posses perverted attitudes toward personal privacy, and the presumption of innocence, will the public attitude towards surveillance mature, which will in turn, allow the democratic process to function properly. Because it is only through informed debate will we ever find a true and equitable solution.

Comment Blockchain is different from Cryptocurrency (Score 2) 90

The headline is misleading. It sounds like Facebook actually wants to leverage blockchain technologies to accomplish tasks, and provide value/security for their services. That is distinct from a "cryptocurrency." The latter makes use of a distributed ledger (typically a blockchain, more in a second) to create a medium of exchange. This medium of exchange is essentially a commodity, like gold (difficult to acquire, with a limited supply), which is traded to settle debts (i.e. buy stuff), a function typically performed using money. In other words a cryptocurrency is a commodity being used as money. For whipper snappers this is a foreign concept. For old farts like myself, we still recall the days when gold was used as a common medium of exchange in the barter system. "Money" was invented to make payments easier, because large amounts of gold are bulky, and heavy. Instead paper was traded, initially the paper notes were issued by "banks" (I use that term loosely), and that paper could be redeemed from said issuer for gold. That function was eventually taken over by governments, first state, then federal. The US dollar was backed by gold from 1879 to 1933. A cryptocurrency is the electronic equivalent of this system.

What makes cryptocurrencies possible is the invention of "blockchain" technology. A blockchain is essentially a public ledger that has been distributed. What's unique is how the blockchain uses cryptography to ensure a consensus among untrusted parties over what transactions are on the blockchain, and thus valid. That is the "proof of work" idea, whereby the network only accepts blocks which included the requisite proof of work. Cryptographic signatures are used to create transactions, where a signed transaction transfers a given unit from one private key to another. The holder of the associated private key is in essence the holder of the units, as anyone with access to the private key can create valid transactions which transfer (or spend) that unit. The blocks themselves are linked together cryptographically, using hashes, such that a modification to a given block would invalidate all of the blocks that follow it. That is why we talk about confidence in transactions, which that confidence governed by the number of blocks which follow it.

It's worth noting that many cryptocurrencies don't use true blockchains to record transactions. They only use cryptographically signed transactions to validate transfer. These are essentially gift cards, as the ledger can be altered, modified, etc, if the group in charge wants it.

Like I said above, with bitcoin, and most cryptocurrencies, you can see every transaction that has ever been made, and how much was transferred. If you determine who controlled the addresses (aka private keys), you know who was behind a transaction. This is incredibly easy. That is why, I exclusively hold and use Monero, which is an improvement on the original blockchain concept (aka bitcoin) which makes use of cryptography to validate, but also mask transactions. This provides significantly more privacy.

Comment Kinesis LF (Score 1) 190

I use the Kinesis Advantage (w the foot pedals for the modifiers). I have three of them already, but all of them are the standard model (1 in storage). This article convinced me to buy their new Low-Force version, which uses the Cherry MX Red switches. I'm hoping it helps with my arthritis. Its a recent addition to the Kinesis Advantage family, and one that wasn't available when I purchased my current HID. L~

http://www.kinesis-ergo.com/sh...

Slashdot Top Deals

You can't have everything... where would you put it? -- Steven Wright

Working...